SAP Cybersecurity by NO MONKEY

The Death of Traditional SAP Security


Listen Later

20 Years of Vulnerabilities That Refuse to Die

In this episode, Frederik Weidemann (Orgaverse) sits down with Waseem to discuss why traditional SAP security approaches are fundamentally broken. From OS command execution that still works in 2026 to cloud architectures that nobody understands, Frederik walks through two decades of SAP vulnerabilities that organizations keep repeating. Discover why patches aren't the answer, how AI is changing offensive security forever, and what organizations actually need to do to mature SAP security.

TAKEAWAYS

  • Why SAP vulnerabilities discovered 20 years ago still compromise systems today
  • How OS command execution remains a critical risk across multiple attack vectors
  • The shared responsibility model that most cloud customers fundamentally misunderstand
  • Why BTP is becoming the new DMZ for SAP landscapes (and why that's dangerous)
  • How AI is automating vulnerability discovery faster than organizations can patch
  • HOST & GUEST

    Host: Waseem Ajrab | NO MONKEY
    Guest: Frederik Weidemann | Orgaverse

    CHAPTERS

    01:20 Frederik Weidemann's 20-year journey in SAP security
    03:08 The evolution of SAP security awareness since 2006
    05:44 Why security researchers still fear touching SAP
    08:31 Recent trends in SAP vulnerabilities and patch patterns
    11:41 OS command execution: Why removing one report doesn't solve the problem
    14:46 The complexity of securing SAP operating systems
    19:55 How BTP is changing the enterprise attack surface
    25:04 API management and integration suite security risks
    31:34 Zero trust in SAP: Identity management as the foundation
    32:23 The challenge of navigating identity provisioning
    39:10 AI's impact on offensive security and vulnerability discovery
    46:05 Understanding ABAP as an offensive tool, not business logic
    51:50 Integrating AI and Joule into security workflows
    56:19 The mindset shift organizations need right now

    New episodes drop regularly, featuring conversations with cybersecurity experts, SAP practitioners, and industry leaders who've been in the trenches. No vendor pitches. No fluff. Just actionable insights you can apply today.

    Because curiosity is free – but recovery isn't.

    ...more
    View all episodesView all episodes
    Download on the App Store

    SAP Cybersecurity by NO MONKEYBy Waseem Ajrab